From the U.S. Department of Homeland Security, American International Group and the New York New Jersey Port Authority to Xerox, the University of Illinois and the state of Alabama, organizations and their security operations are similar as well as different. Of course, you don’t have to be the biggest to be the best, but it sure helps. There’s no doubt that those chief security officers, security directors and managers in this second annual Security 500 face common and unique pressures because of higher visibility by their CEOs, stakeholders, Wall Street, the media, criminals and terrorists.
EXECUTIVE SUMMARYSince last year’s ground-breaking Security 500, security continued its positive evolution with critical measures of organizational and professional development. With this report, Security Magazine identified ten distinct management trends. There’s also an intangible that these successful leaders share – passion. It was evident across the top organizations interviewed.
Eight of the trends relate to organizational change and two are changes impacting the security leadership role.
- The “Cs” Are Getting It!
- The Security Organization’s Role Continues to Expand and Evolve
- The Best Security Leaders Are Proactive and Visible
- Preparedness is the BUZZ Word
- Visibility is Back
- Organizational Issues Around Security Are Being Sorted Out
- Initial Planning and Design Increasingly Includes Security
- Technology Design Is Being Driven by Security Specifications
- Career Security Professionals are Crossing the Chasm to Successful Business Executives
- You’re Global!
COMPARED: 2007 TO 2006 FINDINGSThe most significant differences: a movement from “what security should be doing” toward a significant percentage of organizations proactively taking action to implement strategies. Executive management and Boards have turned their attention to security. They better understand what role they want security to play and have made organizational changes as a result. Budget allocations and objectives are aligned with the overall organization focusing on a wide range of attributes from risk mitigation to culture. (Last year's Security 500 is available online at www.securitymagazine.com)
As a result of top executive management’s increased attention, protecting brand and reputation have received a higher priority from security executives. Business resilience and human safety investments (employees, guests, students, patients) have also had an increase in visibility and activity, especially in the area of emergency preparedness.
The traditional security roles of asset protection and regulatory compliance continue as a core activity. Perhaps due to the long-term focus on these issues, there is less new activity and investment necessary to execute effectively. As a result, they were identified as a lower priority or area of concern vs. last year.
Measuring the return on investment for security spending continues as a core objective.
Security spending is now more directly linked to the value it has for the organization’s risk mitigation goals including compliance, business resilience, brand and asset protection. The increased understanding of security’s optimal organizational fit and role at the executive level has created a clearer understanding of what internal measures are important and how to measure them. Examples include workman’s compensation, customer satisfaction, employee retention and revenue/customer retention. The measure of external ROI factors (technology speed or process cost savings) alone are not as significant security spending catalysts as they were last year.
External ROI factors are a competitive advantage to vendors selling solutions, but only after the buying organization has identified its own internal benefits from implementing a particular security solution.
Organizations are increasing their internal measuring activity but not aggressively benchmarking through other organizations or associations. In some vertical markets, organizations are sharing information and benchmarking, such as shrinkage in retail, but this is not a new activity.
Technology continues its significant impact on how security is designed and implemented. The application of IP-centric video, analytics, storage, communications and mobility, monitoring and integration with access control systems, facilities systems and external organizations such as law enforcement is accelerating. Custom-designed security systems, especially emergency, mass notification and sophisticated security operations centers, is a fast growing trend.
This year the Security 500 includes twelve vertical markets and this issue profiles nine of the leading security organizations and their executives.
There are ten trends identified in this year’s Security 500.
1. The C-s Are Getting “IT”CEOs and Boards are coming to understand security’s organizational value beyond its necessity. Security professionals have been aware that the “guns, guards and gates” role of security departments ended years ago. Now the executive suite has learned how important and necessary a strong security leader, strategy and program is to their organization’s overall success.
For organizations that want to compete globally, “go fast, be first” requires security to be integrated into the enterprise-wide strategy as well as executed at an enterprise-wide level. Top leaders understand that the role of security has changed and that they need executive level security leaders who can help drive the overall organization.
This is a new, proactive and productive conversation. Once the “Cs” buy-in to the value of security, increased budget allocations and approvals tend to follow. Last year’s Security 500 identified that executive level buy-in to the value of security was a major factor in the level of the person hired to lead security, the role of security in the organization and security spending.
The result of this “buy-in” is a dynamic shift from academic discussion about what security’s value could be to real organizational changes that are creating value.
2. The Security Organization’s Role Continues to Expand and EvolveThe logical follow through from executive buy-in is asking the security organization to do more. The best security leaders are getting more money and their role is being defined more widely. Increased responsibility is a result of:
- Real world risks that need to be mitigated
- Trust in hand-picked “CSO” level executives
- Increased security specific regulatory and legal requirements
- Outsourcing/supply chain inter-dependencies
- Assessing and mitigating global risks including their supply chain
- Cyber- environment
- Cyber security
- Brand and reputational risk
- Store site selection
- Employee travel
- Community involvement such as the SafeCity Program.
3. Security’s Leaders (that’s you) Are Expected to be Proactive and VisibleSeveral CSOs have been hired by a CEO who told them, “I want to hire you but I am not sure what I want you to do.” That is understandable, as you would not expect most CEOs to have expertise in security. But CEOs clearly know when change is needed and their organization should move in a different direction.
As a result, the expectations are very high even if the direction is not specific. The security leader is expected to be proactive and visible across the organization by setting strategy, executing, communicating and providing measurable results.
The result is that successful security leaders have organizational leadership skills and proactively identify solutions to improve enterprise-wide security within the cultural norms of their organizations.
4. Preparedness is the Buzz WordCreating a reasonable and workable plan, educating and training all stakeholders and drilling – practice, practice, practice – has become a serious exercise and now gets both C-level as well as organizational support and participation. Emergency preparedness has shifted from an annoyance to be tolerated to a benefit sought out by stakeholders, particularly employees. Preparedness is becoming part of the organizational culture.
Good leadership includes showing the behaviors you expect your employees to emulate. In the early 1980s organizations whose CEOs did not use e-mail were the slowest to adopt e-mail. Emergency preparedness has a similar adoption curve, if your “C” is not participating and/or buying in, the organization will not buy in.
The result is a high expectation for emergency preparedness.
5. Visibility Is BackThe concept that technology would replace security officers by employing hidden surveillance in place of a physical officer presence has proven to be a myth instead of a best practice. While technology greatly empowers security officers to be more productive, the value of a physical presence is significant to both ensure employees and guests that safety is a shared concern and also to deter predators from taking action.
The role of the security officer has also grown to include first greeter, guest services, customer services and triage responsibilities as well as their traditional first responder/first line of defense role.
The result is that making security visible to ensure stakeholders safety and deter predators works and its use as a security strategy is on the rise.
6. Organizational Issues Around Security Are Being Sorted OutSecurity’s most beneficial structure and scope to support an organization’s goals comprise becoming better understood by executive management and better placed within organizations. As executive management’s understanding evolves regarding security’s potential as a competitive advantage, business resilience and/or stakeholder retention lever, the best organizational structure and role within each organization is being recognized and realized.
The organizational issues that are being sorted out include:
- Level of the most senior security position
- Role/scope of the security organization
- Security’s relationship to IT
- Measurement: what to measure/how to measure
This shift enables organizations to better communicate the role and beneficial purpose of security across the enterprise, which builds understanding and acceptance.
This trend also implies that future security leaders will be hired with a clear job description and organizational role. The result is that organizational leadership understands what role they want their security departments and executives to play and are more capable of articulating goals and structure than in prior years.
7. Initial Planning and Design Increasingly Include SecuritySecurity planning is being initiated at the design stage more often than not. While there is no standard “security building code” delayed the integration at the design stage. Technology proliferation (e-mail, data security, electronic transaction processing) and the post 9/11 and Katrina reality of increased risk and the related liability have increased security spending and driven the economies toward initial design planning vs. retrofitting.
For cutting edge organizations, design includes the overall environment of the facility or campus including fire/life safety, security and comfort to ensure overall business resilience and productivity. Productivity includes employee retention and wellness.
And it has to be GREEN, of course.
The result is that both being and feeling secure for all stakeholders is gaining consideration and inclusion at the initial design stage and the cost benefit of designing security initially will be substantial.
8. Technology Design Is Being Driven by Security SpecificationsTechnology applications for the purpose of security, life safety and emergency preparedness are coming full circle. IT solutions quickly entered the market after 9/11 using digital and IP-centric infrastructures.
Security and IT departments initially developed a grudging co-existence. IT treats security as an internal customer and provides available technology applications that best meet security’s needs. The expectation was that complex data-center centric systems would be managed by IT and security managers would become extinct.
That has not happened. Instead, leading security organizations are identifying their risks, their needs and working with internal and external IT solution providers to specify and build custom systems.
The result is that security organizations are relying more on technology by designing custom solutions that best mitigate risks and increase emergency preparedness in their unique environment and circumstances.
9. Career Security Professionals Cross the Chasm to Successful Business ExecutivesAt the executive security level, strong leadership, people management and problem solving skills are equally or more important than technical security procedure and operations knowledge.
While the security profession is increasing in numbers and more diverse career backgrounds are entering the field, a significant percentage of career security and law enforcement professionals are successfully transitioning to the CSO or equivalent title.
The result is that career security professionals are demonstrating both the desire and ability for continuous learning and growth in three key areas:
- The security profession
- Their organization
- Their specific industry
10. You’re Global!Security leaders have confided that they are being asked to provide security in places of which they have never heard.
Many organizations – not just businesses, but hospitals and universities – are opening facilities outside the U.S. A major and real concern is the safety of the people who will be working at, living in or visiting those facilities. As security thinking enters the initial planning stages, security organizations will be called upon to participate in the planning and will be expected to deliver effective security programs on time. Security is either a competitive strength or weakness for organizations seeking to “go fast. be first.”
The result is that delivering enterprise-wide security globally will become the norm for top security organizations and their leaders.
Security 500 Sponsors
|ADT SECURITY SERVICES, INC.
|AMERICAN MILITARY UNIVERSITY
|AXIS COMMUNICATIONS, INC.
|B I G ENTERPRISES INC
|COMMUNICATIONS SUPPLY CORP
|CORNING CABLE SYSTEMS
|DEDICATED MICROS, INC.
|DOOR KING INC
|DORTRONICS SYSTEMS INC
|DUOS TECHNOLOGIES, INC
|FLIR SYSTEMS, INC.
|HID GLOBAL CORPORATION
|HIRSCH ELECTRONICS CORP
|HSM ELECTRONIC PROTECTION SVCS
|INTEGRAL TECHNOLOGIES, INC.
|INTERNATIONAL SECURITY NETWORK
|KEYSCAN ACCESS CONTROL
|LENEL SYSTEMS INTL. INC.
LSI EDUCATION INC.
|MAC-MODULAR ACCESS CONTROL
|NETWORK VIDEO TECHNOLOGIES
|OMEGA II FENCE SYSTEMS
|PELCO SALES INC
|SECURING NEW GROUND
|SECURITRON MAGNALOCK CORP
|TIMEKEEPING SYSTEMS INC
|TRANS TECH SYSTEMS
|ULTRA VISION SECURITY SYSTEMS